/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package cc.vicp.djx314.starfood.web.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

/**
 * Logs a principal out.
 * <p>
 * Polls a series of {@link LogoutHandler}s. The handlers should be specified in the order they are required.
 * Generally you will want to call logout handlers <code>TokenBasedRememberMeServices</code> and
 * <code>SecurityContextLogoutHandler</code> (in that order).
 * <p>
 * After logout, a redirect will be performed to the URL determined by either the configured
 * <tt>LogoutSuccessHandler</tt> or the <tt>logoutSuccessUrl</tt>, depending on which constructor was used.
 *
 * @author Ben Alex
 */
public class LogoutFilter extends GenericFilterBean {

	//~ Instance fields ================================================================================================

	//~ Constructors ===================================================================================================

	/**
	 * Constructor which takes a <tt>LogoutSuccessHandler</tt> instance to determine the target destination
	 * after logging out. The list of <tt>LogoutHandler</tt>s are intended to perform the actual logout functionality
	 * (such as clearing the security context, invalidating the session, etc.).
	 */
	/*public LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) {
		Assert.notEmpty(handlers, "LogoutHandlers are required");
		this.handlers = Arrays.asList(handlers);
		Assert.notNull(logoutSuccessHandler, "logoutSuccessHandler cannot be null");
		this.logoutSuccessHandler = logoutSuccessHandler;
	}*/

	//~ Methods ========================================================================================================

	/*public void setFilterProcessesUrl(String filterProcessesUrl) {
		Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid value for" +
				" 'filterProcessesUrl'");
		this.filterProcessesUrl = filterProcessesUrl;
	}

	protected String getFilterProcessesUrl() {
		return filterProcessesUrl;
	}*/

	//~ My Code ========================================================================================================
	//private String filterProcessesUrl = "/j_spring_security_logout";
	/**
	 * handler
	 */
	private final List<LogoutHandler> handlers;
	//private final LogoutSuccessHandler logoutSuccessHandler;
	/**
	 * 登出成功handler
	 */
	Map<String, LogoutSuccessHandler> urlSuccessHandlerMap = new
			HashMap<String, LogoutSuccessHandler>();

	/**
	 * 构造函数
	 * @param logoutSuccessUrlMap
	 * @param handlers
	 */
	public LogoutFilter(Map<String, String> logoutSuccessUrlMap, LogoutHandler... handlers) {
		Assert.notEmpty(handlers, "LogoutHandlers are required");
		this.handlers = Arrays.asList(handlers);
		Assert.notNull(logoutSuccessUrlMap, "logoutSuccessUrlMap不能为null");
		Iterator<String> urlIte = logoutSuccessUrlMap.keySet().iterator();
		while (urlIte.hasNext()) {
			String logoutUrl = urlIte.next();
			String logoutSuccessUrl = logoutSuccessUrlMap.get(logoutUrl);
			Assert.isTrue(!StringUtils.hasLength(logoutSuccessUrl) ||
					UrlUtils.isValidRedirectUrl(logoutSuccessUrl), logoutSuccessUrl + " isn't a valid redirect URL");
			SimpleUrlLogoutSuccessHandler urlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
			if (StringUtils.hasText(logoutSuccessUrl)) {
				urlLogoutSuccessHandler.setDefaultTargetUrl(logoutSuccessUrl);
			}
			urlSuccessHandlerMap.put(logoutUrl, urlLogoutSuccessHandler);
		}
		//logoutSuccessHandler = urlLogoutSuccessHandler;
	}

	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;
		String filterProcessesUrl = requiresLogout(request, response);

		//System.out.println(filterProcessesUrl);

		if (filterProcessesUrl != null) {
			Authentication auth = SecurityContextHolder.getContext().getAuthentication();

			if (logger.isDebugEnabled()) {
				logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
			}

			for (LogoutHandler handler : handlers) {
				handler.logout(request, response, auth);
			}

			urlSuccessHandlerMap.get(filterProcessesUrl).onLogoutSuccess(request, response, auth);

			return;
		}

		chain.doFilter(request, response);
	}

	/**
	 * Allow subclasses to modify when a logout should take place.
	 *
	 * @param request the request
	 * @param response the response
	 *
	 * @return <code>true</code> if logout should occur, <code>false</code> otherwise
	 */
	protected String requiresLogout(HttpServletRequest request, HttpServletResponse response) {
		String uri = request.getRequestURI();
		//System.out.println(uri);

		int pathParamIndex = uri.indexOf(';');

		if (pathParamIndex > 0) {
			// strip everything from the first semi-colon
			uri = uri.substring(0, pathParamIndex);
		}

		int queryParamIndex = uri.indexOf('?');

		if (queryParamIndex > 0) {
			// strip everything from the first question mark
			uri = uri.substring(0, queryParamIndex);
		}

		String result = null;
		Iterator<String> urlMapStr = urlSuccessHandlerMap.keySet().iterator();
		while (urlMapStr.hasNext()) {
			String filterProcessesUrl = urlMapStr.next();

			//System.out.println(filterProcessesUrl);

			if ("".equals(request.getContextPath())) {
				result = uri.endsWith(filterProcessesUrl) ? filterProcessesUrl : null;
				if (result != null) break;
			}

			result = uri.endsWith(request.getContextPath() + filterProcessesUrl) ?
					filterProcessesUrl : null;
			if (result != null) break;
		}
		return result;
	}
}